Jan Hutař of Red Hat reports a XSS vulnerability in the handling of the users first and last name within the Web UI.
External reference:
spacewalk git dd418384171473c3e31386a1b4792f8c555dc744
spacewalk git f3792c79c1c251a49cc4e382be8591636326a794